package com.hyt.it.ogt.ks.login.config;

//import org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * 
* @ClassName: ResourceServerConfig  
* @Description: 资源服务器配置 
* @author liuq  
* @date 2018年6月4日  
*
 */
@Configuration
@EnableResourceServer
public class ResourceServerConfig extends ResourceServerConfigurerAdapter{
	
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()  //CSRF禁用，因为不使用session
            .exceptionHandling()  //认证失败处理类
            .and()
            .authorizeRequests()  // 过滤请求
            .mvcMatchers("/").permitAll()
            .mvcMatchers("/index").permitAll()
            .mvcMatchers("/login").permitAll()
            .mvcMatchers("/storage").permitAll()
            .mvcMatchers("/static/**").permitAll()
            .mvcMatchers("/oauth2/**").permitAll()
            .mvcMatchers("/oauth/token").permitAll()
//            .anyRequest().authenticated()
            .anyRequest().permitAll()
            .and()
            .headers().frameOptions().disable()
            .and()
            .httpBasic();
    }
    
}
